No Support => Announcements => Topic started by: Αndré on May 20, 2010, 08:45:05 AM
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.4.26 or older update to this latest version as soon as possible.
How to update:
Users running versions prior to 1.4.27 should update immediately by downloading (https://sourceforge.net/projects/coppermine/files/Coppermine/1.4.27%20%28stable%29/cpg1.4.27.zip/download) the latest version from the download page (http://sourceforge.net/project/showfiles.php?group_id=89658) and following the upgrade steps in the documentation (http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/docs/index.htm#upgrade).
If you have problems with this update, please use the Update support board (http://forum.coppermine-gallery.net/index.php?board=59.0). Do not post your issues to this announcement thread - your post will be deleted without notice.
Why was cpg1.4.27 released?
The release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines. The Coppermine dev team would like to thank Ilja van Sprundel for reporting the vulnerability.
The Coppermine Team
French annoucement here (http://forum.coppermine-gallery.net/index.php/topic,65097.0.html)
Annoce en Français ici (http://forum.coppermine-gallery.net/index.php/topic,65097.0.html)